Virus jmh trj MSN

Solved/Closed
magnusfx (52 posts, registered Monday 31 March 2008, Member, last active 6 November 2020) - 1 April 2008 at 00:13
Last reply: magnusfx - 2 April 2008 at 00:49
Hello,
Like a lot of people, I have been hit by the MSN virus!! If someone could help me!!!!! I don't understand much about computers. Here is the report HijackThis gives me. HELP ME PLEASE!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:07, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=7&key=PHO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
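
As an added example (not part of the original post, and not HijackThis's own logic), here is a short Python triage of the log above. It flags any program chained after userinit.exe in the F2 UserInit line, which Winlogon starts at every logon, and any O4 Run entry that launches the same file; the function names and finding labels are illustrative assumptions.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
"""

# "<section code> - <rest of line>", e.g. "F2 - ..." or "O23 - ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "HKLM\..\Run: [name] command line" (also matches HKCU and HKUS\<SID> hives)
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_entries(log_text):
    """Return (code, body) for every section line; headers and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def userinit_extras(entries):
    """Programs listed in the Userinit value besides system32\\userinit.exe."""
    extras = []
    for code, body in entries:
        if code != "F2" or "userinit=" not in body.lower():
            continue
        value = body.split("=", 1)[1]
        for part in value.split(","):
            part = part.strip()
            # A trailing comma leaves an empty part, which is the normal form.
            if part and not part.lower().endswith("\\system32\\userinit.exe"):
                extras.append(part)
    return extras


def command_path(cmd):
    """Executable of a Run command: quoted path, else text up to .exe, else first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def run_entries(entries):
    """Return (hive, value name, executable path) for each O4 registry Run entry."""
    result = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            result.append((m.group("hive"), m.group("name"), command_path(m.group("cmd"))))
    return result


def triage(log_text):
    """List (kind, detail) findings for Userinit chaining and matching Run entries."""
    entries = parse_entries(log_text)
    extras = userinit_extras(entries)
    extra_paths = {p.lower() for p in extras}
    findings = [("userinit-extra", path) for path in extras]
    for hive, name, path in run_entries(entries):
        if path.lower() in extra_paths:
            findings.append(("run-matches-userinit", f"{hive}\\Run [{name}] -> {path}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```
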
22 replies

Fireimperator (148 posts, registered Thursday 27 March 2008, Member, last active 17 April 2008) - 1 April 2008 at 00:21
Good evening! Download this: http://sosvirus.changelog.fr/MSNFix.zip
Unzip it, then double-click the MSNFix FOLDER.
Double-click the file MSNFix.bat
When the blue window appears, type R
During the scan, if an infection is found, press Enter
A report will be generated in the same folder as MSNFix; send it to us.

NB: it may ask for a restart; do it.

TSniper (778 posts, registered Monday 14 January 2008, Member, last active 15 November 2016) - 1 April 2008 at 00:23
delete this:
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Anonymous user - 1 April 2008 at 00:26
Why?

magnusfx - 1 April 2008 at 00:28
OK BUT HOW DO I DELETE THEM??????

Fireimperator - 1 April 2008 at 00:31
There is a checkbox in front of each line; tick the ones in front of the two lines Sniper noted and click Fix checked.
Then run MSNFix

magnusfx - 1 April 2008 at 00:34
thanks, I'm getting on it right away... and thanks for being so quick

magnusfx - 1 April 2008 at 00:49
it doesn't work!!! It tells me the specified path cannot be found!!!!

magnusfx - 1 April 2008 at 00:54
ok, here is the report:

file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe ( 64156 bytes )
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully
file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe.1 ( 64156 bytes )
C:\WINDOWS\system32\^^^^^.exe is damaged PE file
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully
file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe.2 ( 64156 bytes )
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully
file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe.3 ( 64156 bytes )
C:\WINDOWS\system32\^^^^^.exe is damaged PE file
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully

Fireimperator - 1 April 2008 at 00:54
There may be no .bat extension
In that case click on MSNFix (still in the folder)

Fireimperator - 1 April 2008 at 00:57
It's not complete, start again.

magnusfx - 1 April 2008 at 01:08
MSNFix 1.695

C:\Documents and Settings\arnaud\Bureau\MSNFix
Fix exécuté le 01/04/2008 - 0:50:48,81 By arnaud
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\^^^^^.exe
... C:\WINDOWS\system32\^^^^^.exe
... C:\??????.exe
... C:\WINDOWS\system32\real.txt

************************ Recherche les dossiers présents

... \TEMP\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
.. OK ... C:\??????.exe
.. OK ... C:\WINDOWS\system32\real.txt


************************ Suppression des dossiers

.. OK ... \TEMP\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé
.. OK ... C:\WINDOWS\system32\^^.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 01042008_ 1052592.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

magnusfx > magnusfx - 1 April 2008 at 01:15
you told me to press Enter!!!??? That starts some kind of cleanup, did I do something stupid????

magnusfx - 1 April 2008 at 01:18
file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe ( 64156 bytes )
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully
file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe.1 ( 64156 bytes )
C:\WINDOWS\system32\^^^^^.exe is damaged PE file
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully
file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe.2 ( 64156 bytes )
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully
file zipped: C:\WINDOWS\system32\^^^^^.exe -> catchme.zip -> ^^^^^.exe.3 ( 64156 bytes )
C:\WINDOWS\system32\^^^^^.exe is damaged PE file
PE file "C:\WINDOWS\system32\^^^^^.exe" killed successfully
read file error: C:\WINDOWS\system32\^^.exe, Le fichier spécifié est introuvable.

Fireimperator - 1 April 2008 at 01:18
Perfect! Now restart your PC and download MalwareBytes here: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
Follow this tutorial: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
After installing it, restart in safe mode (look here if you don't know how: http://www.commentcamarche.net/faq/sujet 5004 windows xp demarrage en mode sans echec)

NB: no internet in this mode!

Then launch MalwareBytes and choose "Run a full scan"; it will take a long time (that's normal! And above all let it run to the end!). At the end of the scan it will probably show a list of items found: click delete at the bottom left.
Make sure you save the report.

Afterwards restart in normal mode and run an online scan here: http://www.bitdefender.fr/scan_fr/scan8/ie.html
IMPORTANT: your browser must be Internet Explorer for this to work! As soon as it's finished, send the report here.

NB: I know it's late, but at least launch MalwareBytes (the scan takes more than 2 hours). You can sleep, but importantly don't forget to launch this software! That way, when you wake up, all you'll have to do is delete the things it found and run the online scan.

Fireimperator - 1 April 2008 at 01:21
No, it's fine, no harm done, but make sure you restart! And do what I described in the last post!

magnusfx - 1 April 2008 at 04:06
well, there you go!! Just in case, I'm sending you the MALWARE and BITDEFENDER reports:

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 576

Type de recherche: Examen complet (C:\|)
Eléments examinés: 105967
Temps écoulé: 1 hour(s), 31 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WinAntiSpyware 2006 Scanner (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Video AX Object (Trojan.Zlob) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.skin (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\license.rtf (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.skin (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\was6.skin (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsfjlbc_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zuheis_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsfjlbc_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zuheis_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

BitDefender Online Scanner

Rapport d'analyse généré à: Tue, Apr 01, 2008 - 03:52:36

Voie d'analyse: C:\;D:\;

Statistiques
Temps: 00:29:13
Fichiers: 75825
Directoires: 10455
Secteurs de boot: 3
Archives: 1363
Paquets programmes: 5230

Résultats
Virus identifiés: 1
Fichiers infectés: 1
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 1

Info sur les moteurs
Définition virus: 1082690
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 41
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé - Statut
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP285\A0082622.exe - Infecté par: Trojan.Retapu.D
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP285\A0082622.exe - Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP285\A0082622.exe - Supprimé

THERE, HOPING I DID THE RIGHT STEPS!!!!!

Fireimperator - 1 April 2008 at 11:38
You did all the right steps, don't worry! Is your computer doing better? Because there was quite a crowd under there! 1 rogue and some trojans!

magnusfx - 1 April 2008 at 14:27
on the other hand the JMH TRJ are still there!!! What should I do???? When I shut down my computer there is still a blue screen telling me, roughly, that I must disable the memory options in the BIOS, and then some codes: 0X0000000A ; 0X0000123E ; 0X00000002 ; 0X00000000 ; 0X80500379

Fireimperator - 1 April 2008 at 16:21
OK, download SDFix and follow this tutorial carefully (do not carry out the "other options" operations!). To be done in safe mode. Everything is here: https://www.malekal.com/slenfbot-still-an-other-irc-bot/
Then post the report.

Fireimperator - 1 April 2008 at 16:50
Magnus, I will be away until a quarter past seven. Wait for me then, but post the SDFix report.

magnusfx - 1 April 2008 at 17:18
ok!!!

[b]SDFix: Version 1.165 [/b]

Run by arnaud on 01/04/2008 at 16:58

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 17:07:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe [1600] 0x824105F0

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:77,dc,58,5c,79,15,93,1d,d6,7f,ab,2b,2b,d1,e0,95,fd,9f,ae,98,e2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:77,dc,58,5c,79,15,93,1d,d6,7f,ab,2b,2b,d1,e0,95,fd,9f,ae,98,e2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:77,dc,58,5c,79,15,93,1d,d6,7f,ab,2b,2b,d1,e0,95,fd,9f,ae,98,e2,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\arnaud\Mes documents\frost music\The Zombies - Will You Love Me Tomorrow : Bbc.mp3 3248109 bytes hidden from API
C:\Documents and Settings\arnaud\Mes documents\frost music\The Zombies - Early One Morning : Bbc.mp3 2048044 bytes hidden from API
C:\Documents and Settings\arnaud\Mes documents\frost music\The Zombies - It's All Right : Bbc.mp3 4533334 bytes hidden from API
C:\Documents and Settings\arnaud\Mes documents\frost music\The Zombies - This Old Heart Of Mine : Bbc.mp3 3504109 bytes hidden from API

scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 449


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:FrostWire 4.10.9 Beta"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:Disabled:CSS"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Disabled:INVENTIME"
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\MotoGP2\\motogp2.exe"="C:\\Program Files\\MotoGP2\\motogp2.exe:*:Disabled:motogp2"
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Disabled:PANDORA"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe:*:Disabled:pes5.exe"
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\\Program Files\\WebMediaPlayer\\WebMediaPlayer.exe"="C:\\Program Files\\WebMediaPlayer\\WebMediaPlayer.exe:*:Disabled:WebMediaPlayer"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\AOL 9.0\\aol.exe"="C:\\Program Files\\AOL 9.0\\aol.exe:*:Disabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL 9.0"
"C:\\Program Files\\Its Label\\ItsTV\\ItsTV.exe"="C:\\Program Files\\Its Label\\ItsTV\\ItsTV.exe:*:Enabled:Application MFC ITSWebTV"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Codemasters\\Colin McRae Rally 2005 Multiplayer Demo\\CMR5.EXE"="C:\\Program Files\\Codemasters\\Colin McRae Rally 2005 Multiplayer Demo\\CMR5.EXE:*:Disabled:Colin McRae Rally 2005 Application"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control"
"C:\\Program Files\\Artefacts Studio\\PetanqueDemo\\bin\\releaseDemo\\Petanque.exe"="C:\\Program Files\\Artefacts Studio\\PetanqueDemo\\bin\\releaseDemo\\Petanque.exe:*:Disabled:Petanque"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe"="C:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe:*:Enabled:Colin McRae Rally 04 Application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"="C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe:*:Disabled:Miro_Downloader"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\^^^^^.exe"="C:\\WINDOWS\\system32\\^^^^^.exe:*:Enabled:Flash Media"
"C:\\DOCUME~1\\arnaud\\LOCALS~1\\Temp\\Rar$EX01.422\\^^^^^.exe"="C:\\DOCUME~1\\arnaud\\LOCALS~1\\Temp\\Rar$EX01.422\\^^^^^.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 3 Nov 2005 215 A.SHR --- "C:\BOOT.BAK"
Wed 21 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 24 May 2007 8 ..SHR --- "C:\WINDOWS\system32\6C1E174147.sys"
Tue 2 Oct 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 29 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 19 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

[b]Finished![/b]

Fireimperator - 1 April 2008 at 19:21
All right, there are indeed still some left. So go to My Computer (Poste de travail), then View (Affichage), Folder Options (Options des dossiers), and tick "Show hidden folders" ("Afficher les dossiers masqués"). Then run MSNFix again as in post no. 11. Post the report once it is done.
Then download CCleaner here: http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
During installation, untick the "Add the Yahoo! toolbar" box ("Ajouter la barre d'outils Yahoo!"). Once it is installed, click "Cleaner" ("Nettoyeur") and check that the "Windows" tab is selected, then run "Analyze" ("Analyse") and, once that is done, run "Clean" ("Nettoyage"). After that, click "Registry" ("Registre") and "Scan for errors" ("Chercher des erreurs"). Once it has finished the analysis, run "Fix selected errors" ("Réparer les erreurs sélectionnées").
After this clean-up, run a full scan with Avast!, making sure it is up to date, and post the report.

For CCleaner, if you are struggling, there is a tutorial here: https://www.malekal.com/tutoriel-ccleaner/

Fireimperator - 1 April 2008 at 19:34
OK, there are still some left. Go into Computer (Poste de travail), then "Organize" ("organiser"), "Folder options" ("option des dossier"), "View" ("affichage"), and tick the "Show hidden folders" box ("Afficher les dossiers cachés"). Then run MSNFix as in post 11.
After that, download this: http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
Once it is installed, look under "Cleaner" ("nettoyeur"), then the "Windows" tab, and click "run the clean-up" ("lancer le nettoyage"). Once that is done, click "registry" ("registre"), then "scan for errors" ("chercher les erreurs"). Once the scan has finished, click "Fix the errors" ("Réparer les erreurs"). A window will appear; click "fix all errors" ("réparer toutes les erreurs"), and then there will be a backup in case there is a problem.
After that, run a full scan with Avast, making sure its virus database is up to date. Zap everything it finds and, at the end, post the report here.

magnusfx - 1 April 2008 at 19:37
Sorry, I don't quite get it!!! Which post do I follow, 22 or 23? Or both?

magnusfx - 1 April 2008 at 19:40
What do you mean by "zap": delete or put in quarantine?????

Fireimperator - 1 April 2008 at 19:39
There was a small glitch; follow the first post (no. 22).

Fireimperator - 1 April 2008 at 19:42
If Avast is able to delete it, then do that; otherwise, quarantine.

magnusfx - 1 April 2008 at 19:54
MSNFix 1.695

C:\Documents and Settings\arnaud\Bureau\MSNFix
Fix exécuté le 01/04/2008 - 19:52:04,48 By arnaud
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

Aucun Fichier trouvé


************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^.exe


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

magnusfx > magnusfx - 1 April 2008 at 20:01
In CCleaner, should I tick the "Advanced" ("Avancé") box???? And "Download locations" ("emplacement des telechargement")???

Fireimperator - 1 April 2008 at 20:04
It's "Cleaner" ("Nettoyeur"), then the "Windows" tab. Tick the "Download locations" box ("Emplacement des téléchargements") if it is unticked.

NB: the infected folders may be there, because trojans often come from downloads.

magnusfx - 1 April 2008 at 21:53
Avast didn't find anything! Is that OK? If so, can I uninstall all the software: MSNFix, MALWARE, SDFIX, etc.?

Fireimperator - 1 April 2008 at 21:59
You don't have any more problems? Post a HijackThis report, please.

magnusfx - 1 April 2008 at 22:04
OK, but the blue-background page that talks about BIOS memory options is still there when I shut down the computer, and I still have this file, ntuser.dat.LOG, which varies between 1 and 400 KB. And while I was typing this message, Avast just found 2 jmh trj again. This thing is driving me crazy.

Fireimperator - 1 April 2008 at 22:17
They are putting up a fight, so let's bring out a first bazooka! Download Trojan Remover here: https://www.simplysup.com/tremover/download.html
During installation it will display a window saying that it is going to update; click OK. After a bluish window, click "Update".
NB: if it reports a problem connecting to the server, change the server in the drop-down menu at the top left.
A window will then tell you that it is a free thirty-day version; click "Continue".
As soon as it is installed, DISCONNECT from the internet and DISABLE your protection software (Avast); then start the scan and click Yes if it tells you that your antivirus and other tools need to be disabled.

During the scan, if an item is detected, click "Prevent this program from running, and rename the program file".
At the end of the scan it will tell you to restart your computer; click Yes so that it restarts.
Let me know whether it found the last trojans.

PS: I'm looking into your blue-screen problem.

magnusfx - 1 April 2008 at 23:01
To make matters worse, I'm hopeless at English!!!! So here it is:


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
01/04/2008 22:55:26: Trojan Remover has been restarted
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe has been renamed to C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Flash Media] - already deleted
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\[xsfjlbc] - deleted
=======================================================
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
01/04/2008 22:55:26: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.8.2523. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01/04/2008 22:50:18
Using Database v6962
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\arnaud\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\arnaud\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

**************************************************


**************************************************
22:50:18: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
22:50:18: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
22:50:18: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
22:50:19: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 16/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
File: C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
64156 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company:
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe appears to be in-use/locked
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - this entry will be removed (no action requested on file)
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
5650944 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
180269 bytes
Created: 26/04/2006
Modified: 26/04/2006
Company: RealNetworks, Inc.
--------------------
Value Name: CmUsbAudio
Value Data: RunDll32 cmcnfg2.cpl,CMICtrlWnd
cmcnfg2.cpl [file not found to scan]
--------------------
Value Name: orahssStartup
Value Data: "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
462848 bytes
Created: 01/02/2007
Modified: 04/01/2007
Company: France Telecom SA
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
79224 bytes
Created: 08/10/2007
Modified: 04/12/2007
Company: ALWIL Software
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
385024 bytes
Created: 01/02/2008
Modified: 01/02/2008
Company: Apple Inc.
--------------------
Value Name: Flash Media
Value Data: C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
64156 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company:
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe appears to be in-use/locked
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - this registry value has been removed
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - process is either not running or could not be terminated
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - file ownership assigned to: SNNECCI\arnaud
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - process is either not running or could not be terminated
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - file backed up to C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe.vir
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - file has been neutralised
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - marked for renaming when the PC is restarted
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
874064 bytes
Created: 01/04/2008
Modified: 27/03/2008
Company: Simply Super Software
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
874064 bytes
Created: 01/04/2008
Modified: 27/03/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

**************************************************
22:50:41: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
22:50:41: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
Hidden Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: xsfjlbc
Value: c:\windows\system32\xsfjlbc.exe xsfjlbc
c:\windows\system32\xsfjlbc.exe
307200 bytes
Modified: 31/03/2008
Company:
c:\windows\system32\xsfjlbc.exe appears to contain: ADWARE.NAVIPROMO (HEURISTIC DETECTION)
c:\windows\system32\xsfjlbc.exe - this registry value has been removed
c:\windows\system32\xsfjlbc.exe - process is either not running or could not be terminated
c:\windows\system32\xsfjlbc.exe - file renamed to: c:\windows\system32\xsfjlbc.exe.vir
PACK.EPK, associated with Adware.NaviPromo, found in C:\WINDOWS\
C:\WINDOWS\PACK.EPK - file renamed to: C:\WINDOWS\PACK.EPK.vir
xsfjlbc.dat, associated with Adware.NaviPromo, found in c:\windows\system32\
c:\windows\system32\xsfjlbc.dat - file renamed to: c:\windows\system32\xsfjlbc.dat.vir
xsfjlbc_navps.dat, associated with Adware.NaviPromo, found in c:\windows\system32\
c:\windows\system32\xsfjlbc_navps.dat - file renamed to: c:\windows\system32\xsfjlbc_navps.dat.vir
----------

**************************************************
22:51:08: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\ALBUMA~1.SCR
C:\WINDOWS\ALBUMA~1.SCR
57344 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Norlab
--------------------

**************************************************
22:51:08: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
C:\WINDOWS\system32\shmgrate.exe
42496 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
C:\WINDOWS\system32\advpack.dll
124928 bytes
Created: 16/08/2004
Modified: 07/12/2007
Company: Microsoft Corporation
----------
Key: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
C:\WINDOWS\system32\advpack.dll - file already scanned
----------
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\system32\advpack.dll - file already scanned
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------

**************************************************
22:51:08: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100352 bytes
Created: 16/08/2004
Modified: 16/08/2006
Company: Microsoft Corporation
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------

**************************************************
22:51:09: Scanning ----- SERVICES REGISTRY KEYS -----
Key: abp480n5
ImagePath: system32\DRIVERS\ABP480N5.SYS
C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23552 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: adpu160m
ImagePath: system32\DRIVERS\adpu160m.sys
C:\WINDOWS\system32\DRIVERS\adpu160m.sys
101888 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: agpCPQ
ImagePath: system32\DRIVERS\agpCPQ.sys
C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
44928 bytes
Created: 16/08/2004
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: Aha154x
ImagePath: system32\DRIVERS\aha154x.sys
C:\WINDOWS\system32\DRIVERS\aha154x.sys
12800 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: aic78u2
ImagePath: system32\DRIVERS\aic78u2.sys
C:\WINDOWS\system32\DRIVERS\aic78u2.sys
55168 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: aic78xx
ImagePath: system32\DRIVERS\aic78xx.sys
C:\WINDOWS\system32\DRIVERS\aic78xx.sys
56960 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: alim1541
ImagePath: system32\DRIVERS\alim1541.sys
C:\WINDOWS\system32\DRIVERS\alim1541.sys
42752 bytes
Created: 16/08/2004
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: amdagp
ImagePath: system32\DRIVERS\amdagp.sys
C:\WINDOWS\system32\DRIVERS\amdagp.sys
43008 bytes
Created: 16/08/2004
Modified: 04/08/2004
Company: Advanced Micro Devices, Inc.
----------
Key: AmdK8
ImagePath: system32\DRIVERS\AmdK8.sys
C:\WINDOWS\system32\DRIVERS\AmdK8.sys
38912 bytes
Created: 03/11/2005
Modified: 08/05/2004
Company: Microsoft Corporation
----------
Key: amsint
ImagePath: system32\DRIVERS\amsint.sys
C:\WINDOWS\system32\DRIVERS\amsint.sys
12032 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: AOL ACS
ImagePath: C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
1135728 bytes
Created: 03/11/2005
Modified: 08/04/2004
Company: America Online, Inc.
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 06/09/2007
Modified: 06/09/2007
Company: Apple, Inc.
----------
Key: asc
ImagePath: system32\DRIVERS\asc.sys
C:\WINDOWS\system32\DRIVERS\asc.sys
26496 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Advanced System Products, Inc.
----------
Key: asc3350p
ImagePath: system32\DRIVERS\asc3350p.sys
C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22400 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: asc3550
ImagePath: system32\DRIVERS\asc3550.sys
C:\WINDOWS\system32\DRIVERS\asc3550.sys
14848 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Advanced System Products, Inc.
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
17272 bytes
Created: 08/10/2007
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: atksgt
ImagePath: system32\DRIVERS\atksgt.sys
C:\WINDOWS\system32\DRIVERS\atksgt.sys
165376 bytes
Created: 02/10/2006
Modified: 02/10/2006
Company:
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
140664 bytes
Created: 08/10/2007
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
247160 bytes
Created: 08/10/2007
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
345464 bytes
Created: 08/10/2007
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: Boonty Games
ImagePath: "C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
69120 bytes
Created: 23/05/2007
Modified: 23/05/2007
Company: BOONTY
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\arnaud\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: cbidf
ImagePath: system32\DRIVERS\cbidf2k.sys
C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13952 bytes
Created: 17/08/2001
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: cd20xrnt
ImagePath: system32\DRIVERS\cd20xrnt.sys
C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
7680 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: CdaC15BA
ImagePath: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
C:\WINDOWS\system32\drivers\CdaC15BA.SYS
12464 bytes
Created: 23/05/2007
Modified: 23/05/2007
Company: Macrovision Europe Ltd
----------
Key: CLCapSvc
ImagePath: "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
221266 bytes
Created: 03/11/2005
Modified: 11/05/2005
Company:
----------
Key: CLSched
ImagePath: "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
110672 bytes
Created: 03/11/2005
Modified: 11/05/2005
Company:
----------
Key: CmdIde
ImagePath: system32\DRIVERS\cmdide.sys
C:\WINDOWS\system32\DRIVERS\cmdide.sys
6656 bytes
Created: 16/08/2004
Modified: 23/08/2001
Company: CMD Technology, Inc.
----------
Key: cmuda2
ImagePath: system32\drivers\cmuda2.sys
C:\WINDOWS\system32\drivers\cmuda2.sys
705536 bytes
Created: 16/03/2007
Modified: 05/01/2004
Company: C-Media Inc
----------
Key: Cpqarray
ImagePath: system32\DRIVERS\cpqarray.sys
C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14976 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: CyberLink Media Library Service
ImagePath: "C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
61440 bytes
Created: 03/11/2005
Modified: 11/05/2005
Company: Cyberlink
----------
Key: dac2w2k
ImagePath: system32\DRIVERS\dac2w2k.sys
C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
179584 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Mylex Corporation
----------
Key: dac960nt
ImagePath: system32\DRIVERS\dac960nt.sys
C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14720 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: dpti2o
ImagePath: system32\DRIVERS\dpti2o.sys
C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20192 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: FTRTSVC
ImagePath: "C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
57344 bytes
Created: 01/02/2007
Modified: 04/01/2007
Company: France Telecom SA
----------
Key: GEARAspiWDM
ImagePath: System32\Drivers\GEARAspiWDM.sys
C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
15664 bytes
Created: 19/09/2006
Modified: 19/09/2006
Company: GEAR Software Inc.
----------
Key: GenericHidService
ImagePath: c:\APPS\HIDSERVICE\HIDSERVICE.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
49152 bytes
Created: 03/11/2005
Modified: 07/01/2005
Company:
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 04/09/2007
Modified: 04/01/2007
Company: Google
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\WINDOWS\system32\drivers\HdAudio.sys
145920 bytes
Created: 07/01/2005
Modified: 07/01/2005
Company: Windows (R) Server 2003 DDK provider
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
138752 bytes
Created: 07/01/2005
Modified: 07/01/2005
Company: Windows (R) Server 2003 DDK provider
----------
Key: hpn
ImagePath: system32\DRIVERS\hpn.sys
C:\WINDOWS\system32\DRIVERS\hpn.sys
25952 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: i2omp
ImagePath: system32\DRIVERS\i2omp.sys
C:\WINDOWS\system32\DRIVERS\i2omp.sys
18560 bytes
Created: 16/08/2004
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: ini910u
ImagePath: system32\DRIVERS\ini910u.sys
C:\WINDOWS\system32\DRIVERS\ini910u.sys
16000 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
2564032 bytes
Created: 03/11/2005
Modified: 15/04/2005
Company: Realtek Semiconductor Corp.
----------
Key: iPod Service
ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files\iPod\bin\iPodService.exe
504104 bytes
Created: 19/02/2008
Modified: 19/02/2008
Company: Apple Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
311296 bytes
Created: 17/04/2006
Modified: 17/04/2006
Company: Lexmark International, Inc.
----------
Key: lirsgt
ImagePath: system32\DRIVERS\lirsgt.sys
C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18048 bytes
Created: 02/10/2006
Modified: 02/10/2006
Company:
----------
Key: MBAMCatchMe
ImagePath: \??\C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys
C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys
27136 bytes
Created: 01/04/2008
Modified: 19/03/2008
Company:
----------
Key: MemStPCI
ImagePath: system32\DRIVERS\MemStPCI.SYS
C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS
26112 bytes
Created: 17/10/2006
Modified: 03/08/2004
Company: Sony Corporation
----------
Key: mraid35x
ImagePath: system32\DRIVERS\mraid35x.sys
C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17280 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: American Megatrends Inc.
----------
Key: MTC0001_RMC
ImagePath: system32\drivers\RMC.sys
C:\WINDOWS\system32\drivers\RMC.sys
13912 bytes
Created: 01/01/1980
Modified: 22/04/2005
Company:
----------
Key: Mtlmnt5
ImagePath: system32\DRIVERS\SLDRV\Mtlmnt5.sys
C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys
229720 bytes
Created: 03/11/2005
Modified: 01/11/2004
Company:
----------
Key: Mtlstrm
ImagePath: system32\DRIVERS\SLDRV\Mtlstrm.sys
C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys
1396048 bytes
Created: 03/11/2005
Modified: 01/11/2004
Company:
----------
Key: MySqlInventime
ImagePath: c:\mysql\bin\mysqld-max-nt MySqlInventime
c:\mysql\bin\mysqld-max-nt.EXE
2580480 bytes
Created: 03/11/2005
Modified: 09/09/2003
Company:
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88448 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
441136 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS
34688 bytes
Created: 01/02/2007
Modified: 23/09/2003
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
32128 bytes
Created: 24/04/2006
Modified: 27/06/2006
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: pepifilter
ImagePath: system32\DRIVERS\lv302af.sys
C:\WINDOWS\system32\DRIVERS\lv302af.sys
5915 bytes
Created: 06/05/2006
Modified: 21/01/2004
Company: Labtec Inc.
----------
Key: perc2
ImagePath: system32\DRIVERS\perc2.sys
C:\WINDOWS\system32\DRIVERS\perc2.sys
27296 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: perc2hib
ImagePath: system32\DRIVERS\perc2hib.sys
C:\WINDOWS\system32\DRIVERS\perc2hib.sys
5504 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: PID_08A0
ImagePath: system32\DRIVERS\LV302AV.SYS
C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
271360 bytes
Created: 06/05/2006
Modified: 21/01/2004
Company: Labtec Inc.
----------
Key: PxHelp20
ImagePath: System32\Drivers\PxHelp20.sys
C:\WINDOWS\System32\Drivers\PxHelp20.sys
36560 bytes
Created: 27/09/2006
Modified: 27/09/2006
Company: Sonic Solutions
----------
Key: ql1080
ImagePath: system32\DRIVERS\ql1080.sys
C:\WINDOWS\system32\DRIVERS\ql1080.sys
40320 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: QLogic Corporation
----------
Key: Ql10wnt
ImagePath: system32\DRIVERS\ql10wnt.sys
C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
33152 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ql12160
ImagePath: system32\DRIVERS\ql12160.sys
C:\WINDOWS\system32\DRIVERS\ql12160.sys
45312 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: QLogic Corporation
----------
Key: ql1240
ImagePath: system32\DRIVERS\ql1240.sys
C:\WINDOWS\system32\DRIVERS\ql1240.sys
40448 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ql1280
ImagePath: system32\DRIVERS\ql1280.sys
C:\WINDOWS\system32\DRIVERS\ql1280.sys
49024 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: QLogic Corporation
----------
Key: RecAgent
ImagePath: system32\DRIVERS\SLDRV\RecAgent.sys
C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys
14520 bytes
Created: 03/11/2005
Modified: 01/11/2004
Company:
----------
Key: RT2500
ImagePath: system32\DRIVERS\RT2500.sys
C:\WINDOWS\system32\DRIVERS\RT2500.sys
228992 bytes
Created: 01/01/1980
Modified: 23/02/2005
Company: Ralink Technology Inc.
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
20480 bytes
Created: 16/08/2004
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: sfdrv01
ImagePath: System32\drivers\sfdrv01.sys
C:\WINDOWS\System32\drivers\sfdrv01.sys
50688 bytes
Created: 10/08/2005
Modified: 10/08/2005
Company: Protection Technology
----------
Key: sfhlp02
ImagePath: System32\drivers\sfhlp02.sys
C:\WINDOWS\System32\drivers\sfhlp02.sys
6656 bytes
Created: 16/05/2005
Modified: 16/05/2005
Company: Protection Technology
----------
Key: sfvfs02
ImagePath: System32\drivers\sfvfs02.sys
C:\WINDOWS\System32\drivers\sfvfs02.sys
63488 bytes
Created: 03/11/2005
Modified: 03/11/2005
Company: Protection Technology
----------
Key: SIS163u
ImagePath: system32\DRIVERS\sis163u.sys
C:\WINDOWS\system32\DRIVERS\sis163u.sys
215040 bytes
Created: 20/06/2005
Modified: 20/06/2005
Company: SiS Corporation
----------
Key: sisagp
ImagePath: system32\DRIVERS\sisagp.sys
C:\WINDOWS\system32\DRIVERS\sisagp.sys
41088 bytes
Created: 16/08/2004
Modified: 04/08/2004
Company: Silicon Integrated Systems Corporation
----------
Key: Slazldrv
ImagePath: system32\DRIVERS\SLDRV\slazldrv.sys
C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys
226768 bytes
Created: 03/11/2005
Modified: 05/01/2005
Company:
----------
Key: SlNtHal
ImagePath: system32\DRIVERS\SLDRV\Slnthal.sys
C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys
100176 bytes
Created: 03/11/2005
Modified: 01/11/2004
Company:
----------
Key: SLService
ImagePath: slserv.exe
C:\WINDOWS\system32\slserv.exe
57344 bytes
Created: 03/11/2005
Modified: 01/11/2004
Company:
----------
Key: SlWdmSup
ImagePath: system32\DRIVERS\SLDRV\SlWdmSup.sys
C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys
13216 bytes
Created: 03/11/2005
Modified: 01/11/2004
Company:
----------
Key: Sparrow
ImagePath: system32\DRIVERS\sparrow.sys
C:\WINDOWS\system32\DRIVERS\sparrow.sys
19072 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Adaptec, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 07/02/2007
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 07/02/2007
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 07/02/2007
Modified: 30/08/2005
Company: MCCI
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{4F20079B-9003-46EB-AFC3-0037ECFBBC7A}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: symc810
ImagePath: system32\DRIVERS\symc810.sys
C:\WINDOWS\system32\DRIVERS\symc810.sys
16256 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Symbios Logic Inc.
----------
Key: symc8xx
ImagePath: system32\DRIVERS\symc8xx.sys
C:\WINDOWS\system32\DRIVERS\symc8xx.sys
32640 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: LSI Logic
----------
Key: sym_hi
ImagePath: system32\DRIVERS\sym_hi.sys
C:\WINDOWS\system32\DRIVERS\sym_hi.sys
28384 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: LSI Logic
----------
Key: sym_u3
ImagePath: system32\DRIVERS\sym_u3.sys
C:\WINDOWS\system32\DRIVERS\sym_u3.sys
30688 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: LSI Logic
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
189152 bytes
Created: 01/01/1980
Modified: 04/03/2005
Company: Synaptics, Inc.
----------
Key: Tcpip6
ImagePath: system32\DRIVERS\tcpip6.sys
C:\WINDOWS\system32\DRIVERS\tcpip6.sys
225664 bytes
Created: 16/08/2004
Modified: 16/08/2006
Company: Microsoft Corporation
----------
Key: tifm21
ImagePath: system32\drivers\tifm21.sys
C:\WINDOWS\system32\drivers\tifm21.sys
160768 bytes
Created: 01/01/1980
Modified: 04/04/2005
Company: Texas Instruments
----------
Key: TosIde
ImagePath: system32\DRIVERS\toside.sys
C:\WINDOWS\system32\DRIVERS\toside.sys
4992 bytes
Created: 16/08/2004
Modified: 23/08/2001
Company: Microsoft Corporation
----------
Key: ULI5261
ImagePath: system32\DRIVERS\ULILAN.SYS
C:\WINDOWS\system32\DRIVERS\ULILAN.SYS
28160 bytes
Created: 01/01/1980
Modified: 31/12/2004
Company: ULi Electronics Inc.
----------
Key: ultra
ImagePath: system32\DRIVERS\ultra.sys
C:\WINDOWS\system32\DRIVERS\ultra.sys
36736 bytes
Created: 16/08/2004
Modified: 17/08/2001
Company: Promise Technology, Inc.
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
21344 bytes
Created: 16/12/2006
Modified: 30/08/2005
Company: LG Electronics Inc.
----------
Key: UsbDiag
ImagePath: system32\DRIVERS\lgusbdiag.sys
C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
38144 bytes
Created: 16/12/2006
Modified: 30/08/2005
Company: LG Electronics Inc.
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
39248 bytes
Created: 16/12/2006
Modified: 30/08/2005
Company: LG Electronics Inc.
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
----------
Key: viaagp
ImagePath: system32\DRIVERS\viaagp.sys
C:\WINDOWS\system32\DRIVERS\viaagp.sys
42240 bytes
Created: 16/08/2004
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
918016 bytes
Created: 09/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------

**************************************************
22:51:23: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

**************************************************
22:51:23: Scanning ----- WINLOGON\NOTIFY DLLS -----

**************************************************
22:51:23: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
75128 bytes
Created: 08/10/2007
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: Fichiers hors connexion
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll
337920 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 01/04/2008
Modified: 05/02/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll
128512 bytes
Created: 04/07/2007
Modified: 22/05/2007
Company:
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------

**************************************************
22:51:24: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems, Inc.
----------

**************************************************
22:51:24: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63128 bytes
Created: 23/09/2005
Modified: 12/01/2006
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
853672 bytes
Created: 03/09/2006
Modified: 31/05/2005
Company: Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
501136 bytes
Created: 02/09/2007
Modified: 12/07/2007
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
324416 bytes
Created: 07/07/2006
Modified: 07/07/2006
Company: Microsoft Corporation
----------
Key: {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
BHO: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
155648 bytes
Created: 06/05/2006
Modified: 13/08/2004
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
282624 bytes
Created: 06/05/2006
Modified: 17/01/2006
Company: Microsoft Corporation
----------

**************************************************
22:51:24: Scanning ----- SHELLSERVICEOBJECTS -----
Key: PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
233472 bytes
Created: 16/08/2004
Modified: 07/12/2007
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 09/05/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

**************************************************
22:51:25: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment: Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1022976 bytes
Created: 16/08/2004
Modified: 23/09/2006
Company: Microsoft Corporation
----------
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1022976 bytes
Created: 16/08/2004
Modified: 23/09/2006
Company: Microsoft Corporation
----------

**************************************************
22:51:25: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
22:51:25: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
22:51:25: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll
86016 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
DLL: schannel.dll
C:\WINDOWS\system32\schannel.dll
144896 bytes
Created: 16/08/2004
Modified: 25/04/2007
Company: Microsoft Corporation
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll
68608 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll
290816 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------

**************************************************
22:51:25: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 16/08/2004
Modified: 16/08/2004
Company:
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
22:51:25: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
558424 bytes
Created: 29/08/2007
Modified: 29/08/2007
Company: Apple Inc.
Parameters: -task
Next Run Time: 08/04/2008 18:25:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------

**************************************************
22:51:25: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\arnaud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\arnaud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
874554 bytes
Created: 23/12/2006
Modified: 21/03/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\arnaud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
874554 bytes
Created: 23/12/2006
Modified: 21/03/2008
Company:
----------
Additional file checks completed
---------

**************************************************
22:51:26: Scanning ------ %TEMP% DIRECTORY ------
**************************************************
22:51:26: Scanning ------ ROOT DIRECTORY ------

**************************************************
22:51:26: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[17 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[67 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[18 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[53 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[44 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[164 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[44 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[20 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[23 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[89 loaded modules in total]
--------------------
C:\WINDOWS\system32\LEXBCES.EXE
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
[28 loaded modules in total]
--------------------
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
[29 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[23 loaded modules in total]
--------------------
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
[45 loaded modules in total]
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
[14 loaded modules in total]
--------------------
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
[32 loaded modules in total]
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[29 loaded modules in total]
--------------------
c:\APPS\HIDSERVICE\HIDSERVICE.exe
[20 loaded modules in total]
--------------------
C:\WINDOWS\system32\RunDll32.exe
[40 loaded modules in total]
--------------------
C:\WINDOWS\system32\slserv.exe
[14 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[40 loaded modules in total]
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[50 loaded modules in total]
--------------------
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe
[27 loaded modules in total]
--------------------
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
[26 loaded modules in total]
--------------------
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
[43 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[33 loaded modules in total]
--------------------
C:\Program Files\OrangeHSS\systray\systrayapp.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\wuauclt.exe
[42 loaded modules in total]
--------------------
C:\WINDOWS\system32\wscntfy.exe
[23 loaded modules in total]
--------------------
C:\Documents and Settings\arnaud\Application Data\Simply Super Software\Trojan Remover\wwl5.exe
FileSize: 2474560
[This is a Trojan Remover component]
[29 loaded modules in total]
--------------------

**************************************************
22:51:50: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
22:51:50: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
22:51:50: ------ Scan for other files to remove ------
No malware-related files found to remove

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 01/04/2008 22:51:50
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
01/04/2008 22:51:57: restart commenced
************************************************************


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
01/04/2008 22:48:04: Trojan Remover has been restarted
01/04/2008 22:48:04: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.8.2523. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01/04/2008 22:34:58
Using Database v6962
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\arnaud\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\arnaud\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

**************************************************


**************************************************
22:34:59: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
22:34:59: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
22:34:59: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
22:34:59: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 16/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
File: C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
64156 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company:
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe appears to be in-use/locked
C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe - this entry will be removed (no action requested on file)
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
5650944 bytes
Created: 16/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Progra
0
Fireimperator Posts: 148 Registration date: Thursday 27 March 2008 Status: Member Last activity: 17 April 2008 18
1 April 2008 at 23:12
It did a good cleanup. Run another HijackThis scan and post the report here. And tell me whether Avast still detects the trojans.
By the way, for your blue screen I found this (and only this):

You entered the code 0X0000000A

IRQL_NOT_LESS_OR_EQUAL - code: 0x0000000A
[1] A process attempted to access paged memory at too high a priority. This error is often caused by a device driver that uses incorrect addresses. If the device is named, uninstall and reinstall it, or replace its driver.
[2] Windows XP or Vista - If the error occurs during the installation of Windows XP, it is a sign that a hardware component is not recognized by Windows XP.
[3] Windows XP or Vista - If the error occurs after the installation of Windows XP, one of the device drivers may not be compatible with Windows XP.
[4] Windows XP or Vista - If the error appears during fast user switching under Windows XP, the problem is caused by the keyboard management software and the driver supplied by Netropa.
[5] Windows XP or Vista - If the error appears when you shut down the computer and you use Roxio's Easy CD Creator 5.0 or Direct CD 5.0, download an update from the software publisher's website.
0
magnusfx Posts: 52 Registration date: Monday 31 March 2008 Status: Member Last activity: 6 November 2020 2
1 April 2008 at 23:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:20, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=7&key=PHO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0
Fireimperator Posts 148 Registration date Thursday 27 March 2008 Status Member Last post 17 April 2008 18
1 April 2008 at 23:33
See these lines? Tick the boxes in front of them, then click "Fix Checked".

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

And tell me whether there are still any signs of infection.
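
Added example, not part of the original thread: a small Python check for the F2 UserInit entry named in the reply above, run over lines of a HijackThis log. It assumes that the Winlogon Userinit value should list only C:\WINDOWS\system32\userinit.exe and reports every other program found there; `audit_userinit`, `EXPECTED` and `TEMP_HINTS` are names made up for this example.

```python
import ntpath
import re

# Shape of the HijackThis F2 entry that reports the Winlogon Userinit value.
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
# Assumption of this example: the only program expected in Userinit.
EXPECTED = r"c:\windows\system32\userinit.exe"
# Assumption: path fragments (long or 8.3 form) that indicate a temp directory.
TEMP_HINTS = ("\\temp\\", "\\tmp\\")


def audit_userinit(log_text):
    """Return one finding per unexpected program in any F2 UserInit entry."""
    findings = []
    for line in log_text.splitlines():
        match = F2_USERINIT.match(line.strip())
        if not match:
            continue
        # Userinit is a comma-separated list; Winlogon starts each program at logon.
        programs = [p.strip().strip('"') for p in match.group("value").split(",")]
        for program in filter(None, programs):
            if program.lower() == EXPECTED:
                continue
            findings.append({
                "program": program,
                "file": ntpath.basename(program),
                "in_temp_dir": any(h in program.lower() for h in TEMP_HINTS),
            })
    return findings


# Line 1 is the F2 entry from the log on this page.
# Line 2 is a constructed entry holding only the default value.
# Line 3 is an unrelated O4 entry from the same log, which must be ignored.
SAMPLE_LOG = "\n".join([
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\arnaud\LOCALS~1\Temp\Rar$EX01.422\^^^^^.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
])

if __name__ == "__main__":
    for finding in audit_userinit(SAMPLE_LOG):
        print(finding)
```
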
0
magnusfx Posts 52 Registration date Monday 31 March 2008 Status Member Last post 6 November 2020 2
2 April 2008 at 00:05
OK, so far everything is fine; if things get complicated I'll keep you posted!!!!!! Thanks for your patience and your efficiency!!! In case everything turns out fine, can I uninstall all the software you had me download??????
0